/[smecontribs]/rpms/smeserver-mod_dav/contribs10/smeserver-mod_dav-1.1-bz12051-24syntax.patch
ViewVC logotype

Annotation of /rpms/smeserver-mod_dav/contribs10/smeserver-mod_dav-1.1-bz12051-24syntax.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Fri Jul 29 04:55:57 2022 UTC (2 years, 3 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-mod_dav-1_1-8_el7_sme, HEAD
Changes since 1.1: +9 -5 lines
* Thu Jul 28 2022 Jean-Philippe Pialasse <tests@pialasse.com> 1.1-8.sme
- update to apache 2.4 access syntax [SME: 12051]

1 jpp 1.1 diff -Nur --no-dereference smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays
2     --- smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays 2022-07-28 23:51:31.454000000 -0400
3 jpp 1.2 +++ smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays 2022-07-29 00:52:11.073000000 -0400
4 jpp 1.1 @@ -13,7 +13,7 @@
5     $OUT .= "\n # ibay $key disabled for httpd so no DAV access\n" if $access eq 'none';
6     next if $access eq 'none';
7     # true if have to be password accessible from somewhere.
8     - my $satisfy = ($access eq 'global-pw-remote')? 'any': 'all';
9     + my $satisfy = ($access eq 'global-pw-remote')? 'RequireAny': 'RequireAll';
10     if ($properties{'ModDav'})
11     {
12     if ($properties{'ModDav'} eq 'enabled')
13 jpp 1.2 @@ -32,10 +32,10 @@
14     if ($dynamicContent eq 'enabled' && $secureEXEC eq 'enabled')
15     {
16     # we do not want PHP or CGI to be runt there for security reason
17     - $OUT .= " <FilesMatch \\.php\$>\n";
18     + $OUT .= " <FilesMatch \\.(phar|php)\$>\n";
19 jpp 1.1 $OUT .= " #disabling php\n";
20     $OUT .= " SetHandler !\n"; # could use also SetHandler none
21     - $OUT .= " deny from all\n" if ( $properties{'ModDavHidePHP'} || 'enabled' ) eq 'enabled';
22     + $OUT .= " Require all denied\n" if ( $properties{'ModDavHidePHP'} || 'enabled' ) eq 'enabled';
23     $OUT .= " </FilesMatch>\n";
24     $OUT .= " Options -ExecCGI\n";
25     $OUT .= " RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo\n";
26     @@ -54,15 +54,14 @@
27     $OUT .= " DirectoryIndex disabled\n\n" unless ( ($properties{'ModDavNoDirectoryIndex'}||"enabled" ) eq "disabled");
28     $OUT .= " #DirectoryIndex disabled : DavNoDirectoryIndex has been defined to force DirectoryIndex \n\n" if ( ($properties{'ModDavNoDirectoryIndex'}||"enabled" ) eq "disabled");
29    
30     - $OUT .= " order deny,allow\n";
31     - $OUT .= " deny from all\n";
32     - $OUT .= " " . $ReadAllow . "\n";
33     $OUT .= " AuthName \"$properties{'Name'}\"\n";
34     $OUT .= " AuthBasicProvider external\n";
35     $OUT .= " AuthType Basic\n";
36     $OUT .= " AuthExternal pwauth\n";
37     - $OUT .= " " . $ReadRequire . "\n";
38     - $OUT .= " Satisfy $satisfy\n\n";
39     + $OUT .= " <$satisfy>\n";
40     + $OUT .= " " . $ReadRequire . "\n";
41     + $OUT .= " " . $ReadAllow . "\n";
42     + $OUT .= " </$satisfy>\n\n";
43    
44     # Ensure only valid users get to do stuff... update 2021/02:
45     # GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
46     @@ -72,14 +71,15 @@
47     # however we put our limit to the whole folder with the Require user .... above, so the whole block under seems useless
48     # unless we reduce it to one user, or are fool to enlarge to Require valid-user
49     # $OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n\n";
50     -# $OUT .= " Allow from all\n";
51     +# $OUT .= " #Require all granted\n";
52     # $OUT .= " Require user $userlist\n\n";
53     # $OUT .= " </Limit>\n\n";
54    
55     $OUT .= " <LimitExcept GET POST PROPFIND OPTIONS CONNECT>\n";
56     - $OUT .= " " . $WriteRequire . "\n";
57     - $OUT .= " Satisfy All\n";
58     - $OUT .= " ". $WriteAllow ."\n";
59 jpp 1.2 + $OUT .= " <RequireAll>\n";
60 jpp 1.1 + $OUT .= " " . $WriteRequire . "\n";
61     + $OUT .= " ". $WriteAllow ."\n";
62 jpp 1.2 + $OUT .= " </RequireAll>\n";
63 jpp 1.1 $OUT .= " </LimitExcept>\n\n";
64     $OUT .= "</Directory>\n";
65     }
66     diff -Nur --no-dereference smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav
67     --- smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav 2022-07-28 23:51:31.454000000 -0400
68     +++ smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav 2022-07-29 00:03:53.101000000 -0400
69     @@ -14,8 +14,6 @@
70     $OUT .= "\n # ibay $key disabled for httpd so no DAV access\n" if $access eq 'none';
71     next if $access eq 'none';
72     # true if have to be password accessible from somewhere.
73     - my $ispassibay = $access =~ /-pw/;
74     - my $satisfy = ($access eq 'global-pw-remote')? 'any': 'all';
75     if ($properties{'ModDav'})
76     {
77     if ($properties{'ModDav'} eq 'enabled')
78     diff -Nur --no-dereference smeserver-mod_dav-1.1.old/root/usr/share/perl5/vendor_perl/esmith/DAV.pm smeserver-mod_dav-1.1/root/usr/share/perl5/vendor_perl/esmith/DAV.pm
79     --- smeserver-mod_dav-1.1.old/root/usr/share/perl5/vendor_perl/esmith/DAV.pm 2022-07-28 23:51:31.457000000 -0400
80     +++ smeserver-mod_dav-1.1/root/usr/share/perl5/vendor_perl/esmith/DAV.pm 2022-07-29 00:09:32.842000000 -0400
81     @@ -67,22 +67,22 @@
82     sub getAllow {
83     my ($mode, $key, $localAccess ) = @_;
84     $localAccess = (defined $localAccess ) ? $localAccess : "127.0.0.1";
85     - my $ibay = $adb->get($key) or return "allow from 127.0.0.1";
86     - my %properties = $ibay->props or return "allow from 127.0.0.1";
87     + my $ibay = $adb->get($key) or return "Require ip 127.0.0.1";
88     + my %properties = $ibay->props or return "Require ip 127.0.0.1";
89     my $Public = $properties{'PublicAccess'} || 'none';
90    
91     - my $allow = "allow from 127.0.0.1";
92     + my $allow = "Require ip 127.0.0.1";
93     if ($Public eq 'none')
94     {
95     $allow = "# allow from set to NONE";
96     }
97     elsif ($Public =~ /(local|remote)/ )
98     {
99     - $allow = "allow from " . $localAccess;
100     + $allow = "Require ip " . $localAccess;
101     }
102     elsif ($Public =~ /global/)
103     {
104     - $allow = "allow from all";
105     + $allow = "Require all granted";
106     }
107     return $allow;
108     }

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed